On (27/10/16 05:04), Daniel Hermans wrote:
> Hi,
> not sure if a bug or not but a quick warning that hopefully may save someone some time!
>
> We use puppet to install sssd based on a condition. we:
> - yum install -y sssd
> - authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap
>   --enableldapauth --enablemkhomedir --enablecachecreds --update ( to setup PAM and nsswitch -
>   not sure if ALL of these are necessary? )
> - copy over our private config ( as you can't do all of the config with authconfig
>   that i can see? )
>
> This didn't work - intermittently sssd was using a 'stale' config. After much
> headbutting issue was twofold:
> - sssd is started and activated by the authconfig command, this creates config.ldb and
>   cache_default.ldb
> - puppet writes the config file immediately and sssd restarted
> - sssd compares modification time of /etc/sssd/sssd.conf with /var/lib/sss/db/config.ldb
>   and, because the times are the same ( written in the same minute ), IT IGNORES the new
>   config file

It is not about the same minute but about the same second.
If puppet creates sssd.config then I think it will be best to
change the authconfig options, because it does not make sense to generate
sssd.conf by authconfig in your case.
IIRC the sssd config is generated with a reduced combination of options
It isn't required to use ldap related options together with sssd
--enablesssd --enablesssdauth --enableldap --enableldapauth
You can also remove --enablecachecreds because you can configure it
in sssd.conf itself, which is created by puppet.
Could you try to run the following command on a new machine?
authconfig --enablesssd --enablesssdauth \
--enablelocauthorize --enablemkhomedir \
--update
LS
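
A check for the condition discussed in this thread, where sssd.conf and config.ldb carry the same modification time at one-second resolution. This is an added example, not code from either poster or from the sssd project; the function names are hypothetical, GNU coreutils (`stat -c`, `touch -d @epoch`) is assumed, and bumping the mtime is an assumed workaround that the thread does not propose.

```shell
#!/bin/sh
# Added example (not from the thread): detect the same-second mtime condition
# between sssd.conf and config.ldb before sssd is restarted.
# Assumes GNU coreutils, as found on a yum-based host.

# Print a file's mtime in whole seconds since the epoch.
mtime_s() {
    stat -c %Y -- "$1"
}

# Return 0 when both files have the same mtime at one-second resolution,
# which is the situation the thread says makes sssd ignore the new config.
same_second_mtime() {
    [ "$(mtime_s "$1")" -eq "$(mtime_s "$2")" ]
}

# Hypothetical helper: if the config and the database share an mtime,
# move the config's mtime one second past the database's.
# Does nothing when the database does not exist yet.
ensure_conf_newer() {
    conf=$1
    ldb=$2
    [ -e "$ldb" ] || return 0
    if same_second_mtime "$conf" "$ldb"; then
        ldb_t=$(mtime_s "$ldb") || return 1
        touch -d "@$((ldb_t + 1))" -- "$conf"
    fi
}

# Intended call, run after the config file is written and before the restart:
#   ensure_conf_newer /etc/sssd/sssd.conf /var/lib/sss/db/config.ldb
```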